For example, a user's Social Security Number could be safely communicated to a server by entering it using the virtual devices. The same technology can be used to protect any sensitive data point. As a result no sensitive data is captured or sent to the server, so it is not easily compromised by automated means. The KeyPad and PinPad send a random string of numbers over the wire that only Oracle Adaptive Access Manager can decode. The virtual authentication devices combat key-loggers and many other forms of malware that attempt to steal a user's authentication credentials.
Oracle Adaptive Access Manager offenses for malware are: If a phishing exercise is successful in stealing a user's login credentials, real-time risk analytics, behavioral profiling, and risk-based challenge make using stolen credentials very difficult since the fraudster will almost certainly not have the same behavior as the valid user and therefore would be challenged or blocked by Oracle Adaptive Access Manager. The time-stamp makes re-presenting old virtual devices on a phishing site suspect to an end user.
The "freshness" time-stamp displayed in the OAAM virtual devices shows an end user that the device was created for the current session. If the shared secret is not presented or presented incorrectly, the user will know the website is suspect. The personalized image and phrase a user registers and sees every time he logs in to a valid website serves as a shared secret between the user and server.
#ORACLE ACCESS MANAGER INTEGRATION GUIDE PASSWORD#
As such, if users notice any difference in the user experience, and they would most likely not enter their password or PIN code. Oracle Adaptive Access Manager offenses for phishing are:Ī phishing site cannot easily replicate the user experience of the OAAM virtual devices (TextPad, QuestionPad, KeyPad, and PinPad). Table 1-2 Oracle Adaptive Access Manager Defense Mechanisms Threat Table 1-2 summarizes fraud attack threats and Oracle Adaptive Access Manager defense mechanisms. With Oracle Adaptive Access Manager, corporations can protect themselves and their online users against potent fraudulent attacks, such as Phishing, Malware, Transaction and Insider Fraud, in a cost-effective manner. As well, Oracle Adaptive Access Manager provides interdiction methods including risk-based authentication, blocking, and configurable actions to interdict in other systems.įunctionality that supports end-user facing security are: The virtual authentication devices secure credential data at the entry point this ensures maximum protection because the credential never resides on a user's computer or anywhere on the Internet where it can be vulnerable to theft. Oracle Adaptive Access Manager protects end users from phishing, pharming, and malware. A portion of the risk evaluation is devoted to verifying a user's identity and determining if the activity is suspicious.įunctionality that support risk analysis are:Įnd-user facing functionality to prevent fraud
Oracle Adaptive Access Manager provides functionality to calculate the risk of an access request, an event or a transaction, and determines proper outcomes to prevent fraud and misuse. Table 1-1 Oracle Adaptive Access Manager Functionality Functionality Table 1-1 summarizes OAAM risk analysis and end-user facing fraud prevention functionality. Standard integration with Oracle Identity Management, the industry leading identity management and Web Single Sign-On products, which are integrated with leading enterprise applications. Risk-based authentication methods including knowledge-based authentication (KBA) challenge infrastructure with Answer Logic and OTP Anywhere server-generated one-time passwords, delivered out of band via Short Message Service (SMS), e-mail or Instant Messaging (IM) delivery channels. Oracle Adaptive Access Manager makes exposing sensitive data, transactions and business processes to consumers, remote employees or partners via your intranet and extranet safer.Īn extensive set of capabilities including device fingerprinting, real-time behavioral profiling and risk analytics that can be harnessed across both Web and mobile channels. Real-time evaluation of multiple data types helps stop fraud as it occurs. Real-time and batch risk analytics to combat fraud and misuse across multiple channels of access. Strengthening standard authentication mechanisms, innovative risk-based challenge methods, intuitive policy administration and integration across the Identity and Access Management Suite and with third party products make Oracle Adaptive Access Manager uniquely flexible and effective. Oracle Adaptive Access Manager is an innovative, comprehensive feature set to help organizations prevent fraud and misuse. 1.1 Introduction to Oracle Adaptive Access Manager
0 kommentar(er)
